Vulnerabilities have been found in many types of software, including operating systems and software applications. The term “vulnerability” refers to a security defect in a system or software that permits an attacker to violate the confidentiality, integrity, operations, availability, access control, and/or data of the system or software. Vulnerabilities may result from bugs or design flaws in the system or software. The term “exploit” refers to software, data, or a sequence of commands that takes advantage of a vulnerability in order to cause unintended or unanticipated behavior on computer software or hardware. Such behavior could include gaining control of a computer system, privilege escalation, or a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack. In many cases, an exploit allows an attacker to execute arbitrary code on a computer. Typically, an attacker will manually review the code of a software program, identify a vulnerability (a bug), and attempt to exploit it. If the vulnerability is exploitable, the attacker will seize control of the software, and of any computing device running it, until the exploit is discovered and removed and the vulnerability is fixed.
The susceptibility of computer systems to unauthorized access or use is widely recognized. Such vulnerabilities range from minor annoyances to critical national security risks. Today, given the ubiquitous nature of Internet communications and the value of the information and transactions hosted on the public Internet, vulnerabilities are discovered and exploited at alarming rates.
Automated tools facilitate the probing of systems and the discovery of vulnerable systems and configurations. Manual, or partially automated, techniques can be sufficient for attackers seeking vulnerabilities, since an attacker only needs to find one exploitable bug to compromise a computing system. However, existing systems for discovering vulnerabilities are limited because they do not actually attempt exploitation against an endpoint in a production system, and they do not scale. Thus, what is needed is a system that allows network security personnel to quickly discern malicious messages from a large volume of reported threats.
Furthermore, for training incident response teams, canned scenarios are not realistic and quickly become stale, while Red Teams, who perform much of their campaigns manually, are cost-prohibitive. It would be desirable to emulate real-world adversarial threat campaigns in an automated fashion, using gamification and machine learning.